| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] xen-unstable networking
On 27 Mar 2004, at 16:50, Keir Fraser wrote:
However, while packets from the vpn are correctly routed to domains
other than 0, packets from those domains appear directly on the
physical ethernet rather than being routed via domain 0 and down the
vpn tunnel. This does seem to to be working as designed in that the
domain has access to the physical ethernet for addresses which have
been added to its vif, but it would be useful for this situation if
the
packets could go via domain 0. Is this something which can be done
with
the current code?
Yes, it is possible. We do it automatically for 169.254.* addresses
--- see setup_vfr_rules_for_vif() in tools/xenctl/lib/utils.py in the
Xen source repository.
A suitable fix for you is to customise your dom_create script to call
a private copy of setup_vfr_rules_for_vif which routes 192.* addresses
via DOM0 rather than to the physical net interface.
That seems to work fine: this rule gives domain 1 access to the vpn,
and with a NAT rule in domain 0, access to the Internet:
ADD ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY
srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any
Is there a way to see what the VFR rules currently are? /proc/xen/vfr
can be read but returns nothing. Also, is there any way to flush the
VFR rules?
Thanks,
Chris.
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
|
|
|
| |
|
Home